Dive Brief:
- Valid account compromises accounted for almost one-third of global cyberattacks last year, making them the most common initial access vector for threat actors, according to IBM X-Force’s Threat Intelligence Index report.
- X-Force observed a 71% increase in the volume of valid account credential attacks in 2023, the company said Wednesday in its annual report.
- “What you're really seeing is an aha moment on the part of threat actors in shifting to something that works,” said Charles Henderson, global managing partner and head of IBM X-Force. “What this establishes is that the criminals have figured out that valid credentials are the path of least resistance, and the easiest way in.”
Dive Insight:
IBM X-Force’s findings underscore the persistent pitfalls of poor credential management and enterprises’ inability to differentiate between legitimate and illegitimate authentications and access.
Many cybersecurity products aren’t designed to detect when valid credentials are used by an invalid operator, and it goes against organizations’ entire detection strategy of looking for illegitimate use, Henderson said.
Widespread credential reuse and vast repositories of valid credentials for sale on the dark web are also fueling this rise in identity-based attacks, according to IBM. Cloud account credentials account for almost 90% of assets for sale on the dark web.
While threat actors target single sign-on providers in a bid to gain access to many accounts at once, the continued practice of credential reuse can deliver the same results, Henderson said.
“The amount of credential reuse means that many credentials are de facto single sign-on just because the users are reusing them with many, many accounts,” Henderson said.
As threat actors flocked to valid credentials in 2023, the number of phishing campaigns linked to attacks declined 44% from 2022. Phishing comprised nearly 1 in 3 of all incidents remediated by X-Force last year.
“Rather than a technology shift, it’s a business strategy shift on the part of threat actors. They are maximizing return on investment by taking the low-cost method of entry,” Henderson said.
IBM’s report once again highlights the fact that organizations have largely failed to correct the mistakes cybersecurity experts have warned about. Henderson thought the industry would be on to newer and bigger problems by now, but he said he’s not discouraged.
“This is distilling down what we have to work on, and the cool thing about it is nothing in this report highlights things that are just insurmountable. It just requires focus and prioritization,” Henderson said.
“Make no mistake, if we solve authentication, there will be a next problem,” Henderson said. “But as we get better and better, we lower the return on investment for these criminals, we make it more difficult. And that’s really what we’re striving for is to overturn the business model that is cybercrime.”